theshire/kubernetes/apps/database/crunchy-postgres-operator/cluster/postgrescluster.yaml

155 lines
4.1 KiB
YAML
Raw Normal View History

2024-04-09 05:17:44 -05:00
---
# yaml-language-server: $schema=https://ks.hsn.dev/postgres-operator.crunchydata.com/postgrescluster_v1beta1.json
apiVersion: postgres-operator.crunchydata.com/v1beta1
kind: PostgresCluster
metadata:
name: &name postgres
spec:
postgresVersion: 16
metadata:
labels:
crunchy-userinit.ramblurr.github.com/enabled: "true"
crunchy-userinit.ramblurr.github.com/superuser: "postgres"
service:
type: LoadBalancer
metadata:
annotations:
external-dns.alpha.kubernetes.io/hostname: postgres.jahanson.tech
2024-04-09 05:35:07 -05:00
io.cilium/lb-ipam-ips: 10.45.0.7
2024-04-09 05:17:44 -05:00
patroni: # turn on sync writes to at least 1 other replica
dynamicConfiguration:
synchronous_mode: true
postgresql:
synchronous_commit: "on"
pg_hba:
- hostnossl all all 10.244.0.0/16 md5 # Needed because dbman does not support SSL yet
- hostssl all all all md5
instances:
- name: postgres
metadata:
labels:
app.kubernetes.io/name: crunchy-postgres
replicas: &replica 3
dataVolumeClaimSpec:
storageClassName: openebs-hostpath
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 20Gi
topologySpreadConstraints:
- maxSkew: 1
topologyKey: "kubernetes.io/hostname"
whenUnsatisfiable: "DoNotSchedule"
labelSelector:
matchLabels:
postgres-operator.crunchydata.com/cluster: *name
postgres-operator.crunchydata.com/data: postgres
users:
# Superuser
- name: postgres
databases:
- postgres
options: "SUPERUSER"
password:
type: AlphaNumeric
# Applications
- name: atuin
databases:
- atuin
password:
type: AlphaNumeric
- name: gatus
databases:
- gatus
password:
type: AlphaNumeric
2024-04-09 10:08:32 -05:00
- name: grafana
databases:
- grafana
password:
type: AlphaNumeric
- name: prowlarr
databases:
- prowlarr
password:
type: AlphaNumeric
- name: radarr
databases:
- radarr
password:
type: AlphaNumeric
- name: sonarr
databases:
- sonarr
password:
type: AlphaNumeric
2024-04-09 05:17:44 -05:00
backups:
pgbackrest:
configuration: &backupConfig
- secret:
name: crunchy-postgres-secret
global: &backupFlag
archive-timeout: "60"
compress-type: "bz2"
compress-level: "9"
delta: "y"
repo1-retention-full-type: "time"
repo1-retention-full: "14"
repo1-retention-diff: "30"
repo1-path: "/crunchy-pgo"
repo1-s3-uri-style: path
archive-push-queue-max: 4GiB
manual:
repoName: repo1
options:
- --type=full
metadata:
labels:
app.kubernetes.io/name: crunchy-postgres-backup
repos:
- name: repo1 # Minio
s3: &minio
bucket: "crunchy-main"
endpoint: "s3.hsn.dev"
region: "us-east-1"
schedules:
full: "0 1 * * 0" # Sunday at 01:00
differential: "0 1 * * 1-6" # Mon-Sat at 01:00
incremental: "0 2-23 * * *" # Every hour except 01:00
2024-04-09 05:39:31 -05:00
dataSource:
pgbackrest:
stanza: "db"
configuration: *backupConfig
global: *backupFlag
repo:
name: "repo1"
s3: *minio
2024-04-09 05:17:44 -05:00
proxy:
pgBouncer:
port: 5432
replicas: *replica
metadata:
labels:
app.kubernetes.io/name: crunchy-postgres-pgbouncer
config:
global:
pool_mode: "transaction" # pgBouncer is set to transaction for Authentik. Grafana requires session https://github.com/grafana/grafana/issues/74260#issuecomment-1702795311. Everything else is happy with transaction
client_tls_sslmode: prefer
topologySpreadConstraints:
- maxSkew: 1
topologyKey: "kubernetes.io/hostname"
whenUnsatisfiable: "DoNotSchedule"
labelSelector:
matchLabels:
postgres-operator.crunchydata.com/cluster: *name
postgres-operator.crunchydata.com/role: "pgbouncer"